Thanks to visit codestin.com
Credit goes to github.com

Skip to content

update changelog 2.45.3 #12364

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 1 commit into from
May 2, 2025
Merged

update changelog 2.45.3 #12364

merged 1 commit into from
May 2, 2025

Conversation

paulOsinski
Copy link
Contributor

Updates the docs changelog for 2.45.3 . Both of these features are also present in DefectDojo OS edition.

@github-actions github-actions bot added the docs label May 1, 2025
@dryrunsecurity DryRunSecurity
Copy link

dryrunsecurity bot commented May 1, 2025

DryRun Security

This pull request identifies a potential security vulnerability in DefectDojo Pro where automated tool reports could unintentionally modify finding statuses, potentially allowing status manipulation through misconfigured or manipulated tool reports.

💭 Unconfirmed Findings (1)
Vulnerability Potential Unintended Status Modification During Reimport
Description A security finding in DefectDojo Pro v2.45.3 reveals that automated tool reports could potentially manipulate Finding statuses without direct human intervention. The new reimport behavior allows changing a Finding's status based on subsequent tool reports, which could enable status bypassing if tool reports are manipulated or misconfigured.

All finding details can be found in the DryRun Security Dashboard.

@Maffooch Maffooch requested review from dogboat and hblankenship May 1, 2025 18:19
mtesauro
mtesauro approved these changes May 2, 2025
View reviewed changes
Copy link
Contributor

@mtesauro mtesauro left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Approved

@Maffooch Maffooch merged commit 6601929 into DefectDojo:bugfix May 2, 2025
77 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@mtesauro mtesauro mtesauro approved these changes

@valentijnscholten valentijnscholten valentijnscholten approved these changes

@dogboat dogboat dogboat approved these changes

@hblankenship hblankenship hblankenship approved these changes

@Maffooch Maffooch Maffooch approved these changes

Assignees
No one assigned
Labels
docs
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
6 participants
@paulOsinski @mtesauro @valentijnscholten @dogboat @hblankenship @Maffooch